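<?php
// Log-in page.
//
// Validates the submitted e-mail/password against the `users` table, records the
// visitor's session in `user_sessions`, and redirects back to the page the visitor
// came from. Without a login action it shows the form (or bounces an already
// authenticated session to index.php).
//
// Relies on includes/functions_general.php for cleanup(), mysqlconnect(), strip(),
// is_valid_email_address(), redirectCountdown() and checksession().
$pagename = "Log in";
session_start();
require("includes/variables.php");
require("includes/functions_general.php");
mysqlconnect($site['mysql_user'], $site['mysql_password'], $site['mysql_db']);

// Request fields come from POST when a form was submitted, otherwise from GET.
// Each is read through isset() so a missing field yields "" instead of a notice.
// NOTE(review): accepting the password via GET puts credentials into access logs,
// browser history and Referer headers; only the POST path should carry credentials.
$request = $_POST ? $_POST : $_GET;
$email    = isset($request['email'])    ? cleanup($request['email'])    : "";
$password = isset($request['password']) ? cleanup($request['password']) : "";
$action   = isset($request['action'])   ? cleanup($request['action'])   : "";
$referer  = isset($request['referer'])  ? cleanup($request['referer'])  : "";

// Redirect target after login: the submitted referer, else the Referer header,
// else the site's default page.
if ($referer == "") $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
if ($referer == "") $referer = "index.php";

// Only redirect within this site. A target with a foreign host ("//evil.example/")
// or a non-HTTP scheme ("javascript:...") would turn this page into an open redirect,
// so anything that is not a relative path or a same-host http(s) URL falls back to
// the default page. The port is stripped from HTTP_HOST because parse_url() reports
// the host without it.
$referer_parts = parse_url($referer);
$own_host = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : "";
$same_host = $own_host != "" && isset($referer_parts['host'])
	&& strcasecmp($referer_parts['host'], $own_host) == 0;
if ($referer_parts === false
	|| (isset($referer_parts['scheme']) && !in_array(strtolower($referer_parts['scheme']), array('http', 'https'), true))
	|| (isset($referer_parts['host']) && !$same_host)) {
	$referer = "index.php";
}


#### login post
if ($action == "login") {

	// Accumulated <li> error items; "" means the attempt may proceed.
	$errorcheck = "";
	$u_id = "";
	$u_firstname = "";

	// e-mail address check (one complaint per problem)
	if ($email == "") {
		$errorcheck .= "<li>You left the e-mail address blank.</li>";
	} elseif (!is_valid_email_address($email)) {
		$errorcheck .= "<li>Invalid e-mail address</li>";
	}

	// password check
	if ($password == "") {
		$errorcheck .= "<li>You left the password field blank.</li>";
	}

	// Look the account up only once the form itself is valid. E-mail and password
	// are checked in a single query and answered with a single message so the page
	// does not reveal which e-mail addresses are registered. Both values are escaped
	// for the open connection before being placed in the statement.
	if ($errorcheck == "") {
		$sql = mysql_query("select u_id, u_firstname from users where u_email = '".mysql_real_escape_string($email)."' and u_password = password('".mysql_real_escape_string($password)."')");
		if ($sql && ($result = mysql_fetch_array($sql))) {
			$u_id = $result['u_id'];
			$u_firstname = strip($result['u_firstname']);
		} else {
			$errorcheck .= "<li>Incorrect e-mail address or password.</li>";
		}
	}


	// render FAILED results
	if ($errorcheck != "") {

		include("includes/header.php");
		echo "<h1>Log in failed</h1>";
		echo "<p><strong>We're sorry, but your attempt to login has failed:</strong></p>";
		echo "<ul>".$errorcheck."</ul>";
		include("includes/inc_form_login.php");
		echo "<br /><br />";
		include("includes/footer.php");

	// render SUCCESSFUL results
	} else {

		// Issue a fresh session id on login so a session id planted before
		// authentication (session fixation) does not become the logged-in one.
		session_regenerate_id(true);

		// Escaped copies of everything that goes into the session statements.
		$safe_session = mysql_real_escape_string(session_id());
		$safe_uid = mysql_real_escape_string($u_id);
		$safe_ip = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "");

		$output = "<h1>Log in successful</h1>";
		// strip() comes from the project includes; its exact cleaning is not visible here,
		// so the name is HTML-escaped again before being echoed.
		$output .= "<p>Welcome back, ".htmlspecialchars($u_firstname, ENT_QUOTES, 'UTF-8').".<br />";

		// look for previous session
		$sql = mysql_query("select us_time, us_ipaddress from user_sessions where us_userid = '".$safe_uid."'");
		if ($sql && ($result = mysql_fetch_array($sql))) {

			$prev_time = (int) $result['us_time'];
			$prev_ipaddress = htmlspecialchars($result['us_ipaddress'], ENT_QUOTES, 'UTF-8');
			$output .= "Previous login: ".date("D, F jS, Y (g:i a)", $prev_time)." from the IP address ".$prev_ipaddress.".<br />";

			$sql2 = "update user_sessions set us_sessionid = '".$safe_session."', us_time = '".time()."', us_ipaddress = '".$safe_ip."' where us_userid = '".$safe_uid."'";
			if (mysql_query($sql2)) {
				$output .= "Your session has been updated.<br />";
			} else {
				$output .= "Unable to update your session.<br />";
			}

		} else {

			#### user's first time logging in - enter their session info
			$sql2 = "insert into user_sessions (us_sessionid, us_userid, us_time, us_ipaddress) values ('".$safe_session."', '".$safe_uid."', '".time()."', '".$safe_ip."')";
			if (mysql_query($sql2)) {
				$output .= "Your session has been saved.<br />";
			} else {
				// The driver message goes to the server log, not to the visitor:
				// it can disclose table and column names.
				error_log("login: unable to save session for user ".$u_id.": ".mysql_error());
				$output .= "An error has occurred saving your session.<br />";
			}

		}  // end query for user session

		$output .= "</p>";

		include("includes/header.php");
		echo $output;
		$redirectmessage = "You have been logged in and will be redirected to the page you came from ";
		redirectCountdown($referer, 3, $redirectmessage);
		include("includes/footer.php");

	}  // end user error check


} else {

	// checking login session
	if (checksession(session_id(), isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "")) {
		// already logged in - send to the default page and stop so nothing else is emitted
		header("Location: index.php");
		exit;
	} else {
		// not logged in - display form
		include("includes/header.php");
		include("includes/inc_form_login.php");
		echo "<br /><br />";
		include("includes/footer.php");
	}

}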